Hi I want to announce the launch of the ActiveRBAC [1] project. The aim of the project is to provide a comprehensive authentication and authorization framework for Ruby On Rails based on the NIST RBAC [2] standards and ideas. A quick summary of the RBAC concept: Permissions are assigned to roles instead of users. Roles are then assigned to users and by this you can reflect the structure of an organization in the authorization part of your application. Additionally, not associating ACLs (really only permission lists) not to users, but to roles, the authorization system is less error prone. ActiveRBAC could become the common authentication and authorization layer that RoR is currently lacking in order for RoR components to be really interchangeable. We currently have a basic working database structure following our specification [3], ActiveRecord model classes and a simple but working GUI. Heading for our "0.1" milestone which is currently needing a lot of unit tests to be completed, we search for developers who want to get in touch with the ActiveRBAC system by writing these unit tests. Future releases will include * ActiveRecord and ActionController mixins to provide functions similar to "attr_protected" so you can protect actions and your data declaratively * better configureability and hooks like "after_login" etc. * a shining AJAX administration interface ... and ship with sweets or beer - depending on your preferences :) Regards Manuel Holtgrewe [1] https://rbaconrails.turingstudio.com/ [2] http://csrc.nist.gov/rbac/ [3] https://rbaconrails.turingstudio.com/trac/wiki/FullSpecification [4] https://lists.cloudcore.com/mailman/listinfo/rbac-dev